Full Disclosure mailing list archives
Re: targetted SSH bruteforce attacks
From: Sebastian Rother <sebastian.rother () jpberlin de>
Date: Fri, 18 Jun 2010 02:31:08 +0200
On Thu, 17 Jun 2010 16:56:41 -0500 "Mr. MailingLists" <mailinglists () soul-dev com> wrote:
Hello Gary/List! On 6/17/2010 6:48 AM, Gary Baribault wrote:Hello list, I have a strange situation and would like information from the list members. I have three Linux boxes exposed to the Internet. Two of them are on cable modems, and both have two services that are publicly available. In both cases, I have SSH and named running and available to the public. Before you folks say it, yes I run SSH on TCP/22 and no I don't want to move it to another port, and no I don't want to restrict it to certain source IPs.
Ok I strongly dislike this non-working blafoobiztalk. Are you all gayhats like FX who works for whoever pays most? Guys SSH attacks.. hey this aint the 80's. OpenBSD PF is always HANDY for LIMITING A CONNECTION/PER_AMOUNT_OF_TIME and thus automaticaly blocking such crap after 4 trials or so! I am deeply disappointed imho: What is this list... a mailinglist of whiners? YOU EXPOSED X LINUX HOSTS... OK! (LINUX wont matter, could be MS "remote desktop" or whatever) Linux is deepply fucked up (well CISCO looked for a OS as fucked up as IOS.. thus LINUX... CISCO ASA greets you...) and OpenBSD aint PERFECT either (hello Henning and Theo.. hello TCP/IP Stack or recent PF changes..). But OpenBSDs "PF" could limit the attacks you descripe pretty nicely (and here I have to thanks Henning and others for their free time imho, what you made is imho working at least). So what is risky about SSH-Attacks? I have multiple installations of self-defending oBSD frotnend-firewalls working for big customers against such shit. It aint even about SSH, say telnet (hello CISCO folks who deeply love Helith imho somehow *http logs*... what about a real own SSH and not forwarind your customers to a OpenSSH mailinglist... dipshits.. or what about making a donation to openBSD you fucktards? Hiring FX wont make a change...) or SMTP or POP3 or whatever protocol needs an authentication. And Hell I have even not thanked Theo or others for make it ALL (together) possible (of ecourse there is some salt in every soup..). No matter if they like me or not.. but sometimes their ideas are alright (even the code quality lacks behind in some parts..). You are loocking for a EASY WAY to collect Bots? OpenBSD PF with some "ideas" from you is your friend. So I await to see your donation to the OpenBSD project... If you make all the entries to get entered into the spamd-list spamd can even distribute your "lists of bots" to other hosts... just as a hint (and as critic that some people have to abuse spamd for this..). At least I abuse spamd like this sometimes. ;-D Kind regards, rmb _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: targetted SSH bruteforce attacks, (continued)
- Re: targetted SSH bruteforce attacks Cody Robertson (Jun 23)
- Re: targetted SSH bruteforce attacks Xin LI (Jun 17)
- Re: targetted SSH bruteforce attacks Paul Schmehl (Jun 17)
- Re: targetted SSH bruteforce attacks John Jacobs (Jun 17)
- Re: targetted SSH bruteforce attacks Xin LI (Jun 17)
- Re: targetted SSH bruteforce attacks Valdis . Kletnieks (Jun 18)
- Re: targetted SSH bruteforce attacks Marsh Ray (Jun 21)
- Message not available
- Re: targetted SSH bruteforce attacks Marc Olive (Jun 22)
- Re: targetted SSH bruteforce attacks bugs (Jun 26)
- Re: targetted SSH bruteforce attacks Sebastian Rother (Jun 17)
- Re: targetted SSH bruteforce attacks Thor (Hammer of God) (Jun 17)
- Re: targetted SSH bruteforce attacks BMF (Jun 17)
- Re: targetted SSH bruteforce attacks Gary Baribault (Jun 18)
- Re: targetted SSH bruteforce attacks Ashish SHUKLA (Jun 18)